Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Neither helm chart nor manual installation works
See original GitHub issueHi,
I am working with a protected Kubernetes environment in which privileged pods are forbidden, I have tried both helm chart installation and kubectl apply -f https://strimzi.io/install/latest?namespace=messaging.
The error that I am getting is:
Error creating: pods "strimzi-cluster-operator-54ff55979f-" is forbidden: PodSecurityPolicy: unable to admit pod: [spec.initContainers[0].securityContext.runAsNonRoot: Invalid value: false: must be true spec.initContainers[0].securityContext.capabilities.add: Invalid value: "NET_ADMIN": capability may not be added spec.initContainers[0].securityContext.capabilities.add: Invalid value: "NET_RAW": capability may not be added]
And there is no way to change securityContext in both ways.
Issue Analytics
- State:
- Created 3 years ago
- Comments:7 (4 by maintainers)
Top Results From Across the Web
Helm Install
This command installs a chart archive. The install argument must be a chart reference, a path to a packaged chart, a path to...
Read more >Error Installing Pixie with Helm - New Relic Explorers Hub
Until this is not solved, I basically install the pixie-chart manually and use nri-bundle only for the newrelic-pixie chart.
Read more >How to Use the helm install Command - phoenixNAP
To install a helm chart, you either have to find it online or create a helm chart yourself. You can obtain them in...
Read more >Configure charts using globals - GitLab Docs
To reduce configuration duplication when installing our wrapper Helm chart, several configuration settings are available to be set in the global section of ......
Read more >helm - Garden documentation
Specify a Helm chart (either in your repository or remote from a registry) to deploy. Refer to the Helm guide for usage instructions....
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
That is well possible. I didn’t said that Kafka cannot work with Istio. I said that Strimzi does not support it.
Strimzi does its own security so if Istio messes up with it, it breaks it. I have no idea what the Bitnami Helm Chart does and what features it has. So I cannot compare it.
But if I install Kafka from bitnami helm chart, it works with Istio injection with no problem, the only thing that I need to set is the
serviceAccountNamethat allows theinitContainerdoes some stuff for Istio, nothing else.So what Stirmzi exactly does when it wants to bring up the Kafka that makes it incompatible with Istio?